Both cybercrime and cybercriminals have developed at a rapid pace, while the law has progressed at best at a snail's pace, and even that is usually only a knee-jerk reaction. Technology, particularly the Internet, has created a seamless, borderless platform for use, abuse, and misuse, with few laws or enforcement mechanisms to prevent, protect, cure, or punish such transgressions.

Cybersecurity is the use of technology, processes, and policies to prevent cyberattacks on systems, networks, programs, devices, and data. Its goal is to limit the risk of cyberattacks and protect systems, networks, and technologies from unauthorized use.[i] Cybersecurity measures, also known as information technology security (IT), prevent threats to networked systems and applications, whether they come from outside or inside a company or organization.

Cyber Security Challenges:

• Cybercrime:

  According to Joseph Aghatise,[ii] cybercrime is a crime committed on the Internet using a computer either as a tool or as a targeted victim. It is very difficult to categorize crimes into different groups because many crimes evolve daily. Even in the real world, crimes such as rape, murder, or theft do not necessarily need to be separated. However, in all cybercrimes, both the computer and the person behind it are victims; it just depends on which of the two is the main target. Therefore, the computer can be a target or a tool for simplicity. Hacking, for example, involves attacking the computer's information and other resources. It is important to note that in many cases, there is overlap, and it is impossible to have a perfect classification system.[iii]
  
  Verizon's[iv] 2016 annual report, titled "Data Breach Investigations Report," lists industry-related incidents and security breaches. According to the report, "89 percent of data breaches had a financial or espionage-related purpose."[v] When individuals suffer harm, the impact is felt the most, especially when the hard road of international enforcement is taken. The vastness of cyberspace makes enforcement even more difficult.
  
  According to a report by the Ministry of Electronics and Information Technology (MeitY) submitted to a parliamentary subcommittee, cybercrime and fraud cases increased more than fivefold between 2018 and 2021. According to data from India's Computer Emergency Response Team (Cert-In), the total number of incidents increased from 208,456 in 2018 to 1,402,809 in 2021, so according to these figures, cybercrime in India has increased by 572% in just 3 years.[vi]
   

• Cyber Terrorism:

  Social media sites such as Facebook, Twitter, and YouTube have become popular recruiting sites for terrorists. The attacks on Charlie Hebdo[vii] and in Paris[viii] in November 2015 highlighted the effectiveness of social media in reaching recruits from afar.
  
  Soon after the enactment of the IT Act of 2000, errors became apparent, prompting the circulation of draft amendments in 2005 and the introduction of a bill in 2006. After the Mumbai attacks, the IT Act amendments owing to the inclusion of the provision on "Cyber Terrorism" were passed in the parliament without debate or discussion. The Mumbai attacks of 26/11 (2008)[ix] were a major factor in the IT Act amendments of December 2008 receiving a super expedited stamp of approval. Section 66F of the IT Act deals with cyber terrorism in India.
  
  Despite their shortcomings, the regulations in place show an attempt to regulate cybercrime and cyber-terrorism. However, when implemented in the sphere of cyber warfare, the regulations clearly illustrate their limits. Several attacks, such as the Estonia DDOS attack, the Stuxnet attack on Iran, and Ukraine's Power Grid Attack are considered cyber-warfare. The lack of effective punishment against perpetrators indicates the enormous gap in the fight against these types of threats
  
  Cyber money laundering has emerged as the next big problem, especially in the fight against terrorism. For cross-border crime, online payment systems have become the primary payment method. More crucially, they have become the primary means for terrorists to raise funds. Consequently, states cannot overlook the fact that terrorists spread their actions through digital or electronic media. This is a real and present threat that states must address.

Laws related to cyber security in India:

• Exclusive cyber laws:

  The Information Technology Act of 2000,[x] as amended in 2008, is India's principal cybercrime law. Crimes against the nation predominate among the criminal provisions of the old law and the amended IT law.
  
  The provision for cyber terrorism under section 66F was added in 2008. Section 69 of the IT Act gave the government broad interception and monitoring powers. Sections 69A and 69B were added to tighten these provisions, allowing governments to monitor and collect traffic statistics as well as prevent access to content on the internet.
  
  Another provision that affected the dynamics of governmental monitoring and intermediary compliance was the insertion of intermediary duties and liabilities, specifically section 67C, which imposes penalties on intermediaries who violate government directives. Section 70 applied to "protected systems" such as critical information infrastructure. Sections 70A and 70B were inserted to create a national nodal agency for critical infrastructure protection and to establish the Indian Computer Emergency Response Team (CERT-IN).
  
  Sections 71 to 74 deal with offenses involving "Electronic Signature Certificates," such as misrepresentation to obtain an electronic signature certificate (Section 71), breach of confidentiality (Section 72), and publication of an electronic signature certificate with false details or fraudulent purposes (Section 73). In addition, section 72A was enacted, as the criminal counterpart of section 43A of the IT Act. Breach of confidentiality concerning "personal information" with the intent to cause unlawful loss or benefit is punishable by 3 years in prison and a fine of Rs. 500,000 under the section.
   

• Cyberlaw Provisions In Other Laws:

  The IPC and the Indian Evidence Act were revised to add several clauses after the passage of the IT Act in 2000. Most of these modifications dealt with the admissibility of electronic records and offenses related to them. The provisions from sections 463 to 477A of the IPC, which made forging electronic records a crime, were the most significant amendments. These provisions strongly encourage the prosecution of phishing attacks and a variety of other banking and financial frauds.
  
  Apart from the IPC, Intellectual Property legislation also bolsters the provisions of the IT Act for punishing infractions. For example, if the data stolen is proprietary, data theft offenses can be prosecuted under section 63 of the Copyright Act, 1957. Section 65B of the Copyright Act, as well as sections 463 to 468 of the IPC, may be used in the case of a breach of a proprietary right to the software. Cybersquatting and phishing crimes may also come under the Trademarks Act of 1999's criminal prohibitions.
  
  These offenses would fall under the general category of "cybercrime" if they were committed online or using computer resources; however, the IT Act may not specifically regulate them. Provisions from several statutes may become applicable for prosecution depending on the facts of each case.

Conclusion:
There are currently no explicit laws for the prosecution of financial or banking frauds. Existing provisions, including those added through the 2008 amendments, have been relied on to initiate successful prosecutions depending on the modus and means of committing cyber offenses[xi].

This jigsaw puzzle of cyber laws distributed over numerous enactments, rather than a single enactment, points to the fundamental impediment in the proper and effective criminal prosecution against cybercrime, India is in urgent need of separate cyber security legislation, for dealing with cybercrimes.

Justice Krishna Iyer's words, "an 'ephemeral' measure to meet a perennial menace is neither a logical step nor national fulfillment" comes true here as well. With the creation of the National Cyber Security Policy in 2013,[xii] there has been a wake-up call and significant traction. However, India has to follow through on this promise by overhauling existing laws to tackle cybercrime. Today's cyber-attacks fade into insignificance in comparison to the risks of tomorrow.

Any attempt to rewrite existing legislation should not only consider and handle current concerns but also guarantee that the law is flexible and dynamic enough to deal with forthcoming threats. Today, cyberspace interacts with India's major economic, business, and other interests. To protect India's strategic, sovereign, economic, and commercial interests in cyberspace, the union must implement strict deterrence policies and cyber security reforms at all levels of operation.[xiii]

End-Notes:

1. It governance, what is Cyber Security? Definition and Best Practices, available at https://www.itgovernance.co.uk/what-is-cybersecurity
2. Joseph Aghatise has more than 14 years of expertise in information security, mobile, and web technology deployment. Security, systems design, creativity, strategy, and implementation are all areas where he excels.
3. Joseph Aghatise, Cybercrime definition, Research gate, available at https://www.researchgate.net/publication/265350281_Cybercrime_definition
4. Verizon is one of the world's largest communication technology firms. Verizon Communications, founded on June 30, 2000, is a significant provider of technology and communications services around the world.
5. Verizon, Data Breach Investigations Report, Available at https://trak.in/tags/business/2022/04/12/cyber-crimes-in-india-witness-572-increase-in-last-3-years-14-lakh-cases-in-2021-recorded-by-govt/www.verizonenterprise.com/…/reports/rp_DBIR_2016_Report_en_xg.pdf.
6. Track.in, Cyber Crimes In India Witness 572% Increase In Last 3 Years! 14 Lakh Cases In 2021 Recorded By Govt., Available at https://trak.in/tags/business/2022/04/12/cyber-crimes-in-india-witness-572-increase-in-last-3-years-14-lakh-cases-in-2021-recorded-by-govt/
7. Two French Muslim brothers, Sad and Chérif Kouachi, made their way into the headquarters of the French satirical weekly newspaper Charlie Hebdo in Paris on January 7, 2015, at 11:30 a.m. CET local time. They killed 12 individuals and injured 11 others with guns and other weapons.
8. The "November 2015 Paris attacks" were a series of coordinated Islamist terrorist assaults that occurred in Paris, France, and Saint-Denis, the city's northern suburb, on Friday, November 13, 2015.
9. The 2008 Mumbai attacks were a series of terrorist attacks in November 2008 in which ten members of the Pakistani Islamist terrorist organization Lashkar-e-Taiba carried out twelve coordinated shooting and bombing attacks in Mumbai over a four-day period.
10. Available at https://www.meity.gov.in/content/information-technology-act-2000-0
11. N S Nappinai, Technology Laws Decoded, Lexis Nexis (First 2017 edition)
12. Ministry of Communication and Information Technology, 'National Cyber Security Policy—2013', 2013, p. 5, available at https://dit.tripura.gov.in/sites/default/files/National%20Cyber%20Securi.
13. Rebant Juyal, Cyber security and Threats: Cyber terrorism and the Order Today, Journal of defense services, available at https://idsa.in/jds/cybersecurity-and-threats-15-2-2021#footnote123_qo346b1